octave: updated to 11.3.0
Summary of bugs fixed for version 11.3.0 (2026-06-01):
This version brings only minor changes compared to Octave 11.2.0. Most
importantly, it fixes the SOVERSION of the `liboctinterp` library.
For (bug #XXXXX) see https://savannah.gnu.org/bugs/?XXXXX
Improvements and fixes
- Fix returning reciprocal condition number as second output from `det` for
triangular dense matrices.
Restore aprint_error_dev() for early errors. It's not perfect, but on
reflection better than removing it for when we run `dmesg` later.
(partially reverts r1.15)
dnsmasq: updated to 2.93
version 2.93
Fix a corner-case in DNSSEC validation with wildcards. If we have
a wildcard record *.example.com and receive a query for
a.example.com then that's OK, but we have to check that there isn't
an actual a.example.com record. The corner case is when we get a
query for *.example.com; in that case the non-existence check
is not required, but was being done. Thanks to Jan Breig for
spotting this.
Enable support for inotify on FreeBSD 15.0-RELEASE, which added
Linux-compatible inotify support.
Fix DNSSEC failure with spurious RRSIGs. The presence of wrong
RRSIG RRs in replies caused DNSSEC validation to fail even
when the RRs do not require validation because the zone is
unsigned. Note that, at the time of this commit, Google
[29 lines not shown]
libde265: updated to 1.1.1
1.1.1
The decoding speed has been improved by about 8% on x86 CPUs thanks to more SIMD acceleration and optimized CABAC code. Also the startup time has been improved, which gives a 3% speed improvement when decoding HEIC files with similar-sized tiles.
Build differences
When building shared-libraries in Release mode, we are now using -fvisibility=hidden by default. You can override this with the new cmake option "FORCE_FULL_VISIBILITY".
Security
CVE TBD (GHSA-ccfw-29x7-rrx3) - Pixel accessor signed integer overflow causes heap OOB read/write
CVE TBD (GHSA-j2qq-x2xq-g9wr) - SAO sequential filter heap buffer overflow via signed integer overflow
haproxy: updated to 3.4.0
3.4.0
- BUG/MINOR: tcpcheck: Check LDAP response to not read more data than available
- BUG/MINOR: ssl-gencert: validate SNI characters to prevent SAN certificate injection
- BUG/MINOR: mux-h1: H2 preface rejection doesn't update stick-table glitches
- BUG/MEDIUM: cpu-topo: Enforce thread-hard-limit on policy
- BUG/MEDIUM: qmux: do not crash on too large record
- BUG/MEDIUM: qmux: do not crash on receiving an invalid first frame
- BUG/MINOR: qmux: reject too large initial record
- Revert "BUG/MEDIUM: dns: fix long loops in additional records parse on name failure"
- BUG/MINOR: qpack: Fix index calculation in debug functions
- BUG/MINOR: qpack: fix potential null-pointer dereference in qpack_dht_insert()
- CLEANUP: qpack: fix copy-paste typo in value Huffman debug string
- BUG/MINOR: qpack: fix sign bit mask in qpack_decode_fs_pfx()
- CLEANUP: qpack: fix copy-paste typo in value Huffman debug string for WLN
- BUG/MINOR: qpack: fix huff_dec() error handling in qpack_decode_fs()
- CLEANUP: qpack: move encoded macros to qpack-t.h to avoid duplication
- BUG/MEDIUM: quic: handle ECONNREFUSED on RX side
[76 lines not shown]
arm: relax coherent DMA ordering barriers from DSB to DMB
Use DMB instead of DSB for the ARM coherent DMA ordering macros dma_*_*().
The previous definitions used DSB, which enforces completion semantics and
is heavier than needed for coherent device DMA ordering. DMB provides ordering
of memory operations without requiring full completion, making it the
appropriate barrier for these coherent-only CPU/device DMA paths.
Tested on Fusion VM, Orion O6, and Thunderx.
There is an approximate 1% performance improvement for the Fusion VM, but
less for Orion O6 and Thunderx.
py-ruff: updated to 0.15.16
0.15.16
Preview features
[flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119)
[pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717)
[ruff] Treat yield before break from a terminal loop as terminal (RUF075)
Bug fixes
[eradicate] Avoid flagging ruff:ignore comments as code (ERA001)
[eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code
[pyflakes] Avoid removing the format call when it would change behavior (F523)
[pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515)
[pyupgrade] Avoid converting format calls with more kinds of side effects (UP032)
Rule changes
[16 lines not shown]
py-apsw: updated to 3.53.2.0
3.53.2.0
Reflects changes and updates in SQLite extra. The sqlite3_scrub binary has been removed - use VACUUM INTO instead.
pppoe(4): wait for incoming connection in STATE_STARTING on server
When the interface goes up, LCP is now explicitly opened to
start the lower (PPPoE) layer. This behavior is the same for
both active and passive connections.
To unify the implementation, remove the difference in LCP
handling between these connections.
Remove unused if_up() code since loopback detected interface remains down
Previously, the lower layer could still trigger an if_up() even after
if_down(). However, now that if_down() completely stops the interface,
this subsequent if_up() is no longer called.
Reset LCP by triggering Close and Open events sequentially
Previously, LCP waited for a Down event after Close, and
triggered the Open event upon receiving it. However, simply triggering
the Close and Open events sequentially is sufficient to reset all
layer states.
NOTE:
To restart the connection after a keepalive timeout or
a loopback is detected, disable the PP_LOOPBACK_IFDOWN
and/or PP_KEEPALIVE_IFDOWN options.
sysutils/uutils-coreutils: update to 0.9.0
Rust Coreutils 0.9.0 Release:
We are excited to announce the release of Rust Coreutils 0.9.0 - a release focused on safety and security.
This cycle was shaped by a third-party security audit, driving extensive TOCTOU hardening and a sustained,
project-wide effort to shrink the amount of unsafe code by removing it outright and migrating low-level
syscalls from nix/libc to rustix.
On top of that, we landed major zero-copy I/O performance work (splice/tee/pipe), broadened WebAssembly,
Cygwin and Windows support, and continued contributing tests and bug reports upstream to GNU coreutils.
Highlights:
GNU Compatibility & Upstream Contributions
629 passing tests (+7 from 0.6.0), with 19 new tests added from the GNU 9.10 update
Updated GNU test reference from 9.9 to 9.10
Contributed numerous patches upstream to GNU coreutils, benefiting both projects
New GNU compatibility fixes across date, fmt, kill, ptx, numfmt, cksum, and more
Took over maintenance of num-prime, the primality testing library used by factor
[105 lines not shown]